Earlier this week, CISA announced that it had added new Linux vulnerabilities to its catalog, warning that they are being actively exploited.
Recent additions to the Cybersecurity and Infrastructure Security Agency's (CISA) Catalog of Vulnerabilities Exploited (KEV) include multiple vulnerabilities in the Linux kernel, as well as other vulnerabilities dating back more than 12 years. While the exact details of how these vulnerabilities were exploited, whether recent or historical, are unknown, there is a trend in which cybercriminals are successfully targeting known vulnerabilities, particularly those with publicly available exploit code, as in identified in our 2022 Threat Landscape Report.
Vulnerabilities save hackers a lot of work
Because unpatched assets persist within organizations, cybercriminals don't have to find, develop, or procure zero-day vulnerabilities, giving them cost savings, especially when it's so easy to find public proof-of-concept exploit code for a variety of vulnerabilities .
Do you have a moment?
Take a few minutes for our 2023 user survey and help make B2B-CYBER-SECURITY.de better!You only have to answer 10 questions and you have an immediate chance to win prizes from Kaspersky, ESET and Bitdefender.
Here you go directly to the survey
For Log4Shell, a critical vulnerability in the Log4j 2 logging library, we observed that ransomware groups and state threat actors allied to the People's Republic of China and Iran's Islamic Revolutionary Guard Corps (IRGC) injected a piece of open-source software into the took aim. This is used in a number of applications, highlighting the challenges posed by the use of open source libraries and software and the resulting supply chain risks. Now more than ever, organizations need to gain visibility into their attack surface to make the necessary connections and mitigate their cyber risk.” (Satnam Narang, Senior Staff Research Engineer at Tenable)
More at Tenable.com
About Tenable Tenable is a Cyber Exposure company. Over 24.000 companies worldwide trust Tenable to understand and reduce cyber risk. Nessus inventors have combined their vulnerability expertise in Tenable.io, delivering the industry's first platform that provides real-time visibility into and secures any asset on any computing platform. Tenable's customer base includes 53 percent of the Fortune 500, 29 percent of the Global 2000, and large government agencies.